How much does it cost to get a computer Fixed?

It really depends on what the issue is. It would be best to get one of our technicians to come around an give you a free quote?

Is it worth repairing an OLD Pc?

Yes, definitely most components in PC can be replaced or repaired.

Can i buy a PC an upgrade it?

Yes you can. Most PC can be upgraded.

When should i replace a PC?

If it has recurring issues or if we cannot replace the part or source it, then its best to replace it.

Should i upgrade my 5 year old PC?

It depends on how much its going to cost to upgrade it. It is best to get one of our technicians to give you a free quote.

Nerdcore Australia
- Apr 10
- 4 min read

Use Apple products on enterprise networks

Updated: Apr 10

use apple application in enterprise networks

Find out which hosts and ports are required to use your Apple products on enterprise networks.

This article is intended for enterprise and education network administrators.

Apple products require access to the internet hosts listed in this article for a variety of services. Here's how your devices connect to hosts and work with proxies:

Network connections to the hosts below are initiated by the device, not by hosts operated by Apple.
Apple services will fail any connection that uses HTTPS Interception (SSL Inspection). If the HTTPS traffic traverses a web proxy, disable HTTPS Interception for the hosts listed in this article.

Make sure your Apple devices can access the hosts listed below.

Apple Push Notifications

Find out how to troubleshoot connecting to the Apple Push Notification service (APNs). For devices that send all traffic through an HTTP proxy, you can configure the proxy either manually on the device or with Mobile Device Management (MDM). Devices can connect to APNs when configured to use the HTTP proxy with a proxy auto-config (PAC) file.

Use Apple products on enterprise networks

Device Setup Icon Apple Products

Device setup

Apple devices need access to the following hosts during the setup process, or when installing, updating or restoring the operating system.

Hosts	Ports	Protocol	OS	Description	Supports proxies
albert.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Device activation	Yes
captive.apple.com	443, 80	TCP	iOS, iPadOS, tvOS and macOS	Internet connectivity validation for networks that use captive portals	Yes
gs.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS		Yes
humb.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS		Yes
static.ips.apple.com	443, 80	TCP	iOS, iPadOS, tvOS and macOS		Yes
sq-device.apple.com	443	TCP	iOS and iPadOS	eSIM activation	—
tbsc.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS		Yes
time-ios.apple.com	123	UDP	iOS, iPadOS and tvOS	Used by devices to set their date and time	—
time.apple.com	123	UDP	iOS, iPadOS, tvOS and macOS	Used by devices to set their date and time	—
time-macos.apple.com	123	UDP	macOS only	Used by devices to set their date and time	—

Apple Device Setup

Device management

Apple devices enrolled in MDM need access to the following hosts and domains.

Hosts	Ports	Protocol	OS	Description	Supports proxies
*.push.apple.com	443, 80, 5223, 2197	TCP	iOS, iPadOS, tvOS and macOS	Push notifications	Find out more about APNs and proxies.
deviceenrollment.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	DEP provisional enrolment	—
deviceservices-external.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS		—
gdmf.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Used by an MDM server to identify which software updates are available for devices that use managed software updates	Yes
identity.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	APNs certificate request portal	Yes
iprofiles.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Hosts enrolment profiles used when devices enrol in Apple School Manager or Apple Business Manager through Device Enrolment	Yes
mdmenrollment.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	MDM servers to upload enrolment profiles used by clients enrolling through Device Enrolment in Apple School Manager or Apple Business Manager, and to look up devices and accounts	Yes
setup.icloud.com	443	TCP	iOS and iPadOS	Required to log in with a Managed Apple ID on Shared iPad	—
vpp.itunes.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	MDM servers to perform operations related to Apps and Books, like assigning or revoking licences on a device	Yes

Apple Device Setup

Apple Business Manager and Apple School Manager

Administrators and managers need access to the following hosts and domains in order to administer and manage Apple Business Manager and Apple School Manager.

Hosts	Ports	Protocol	OS	Description	Supports proxies
*.business.apple.com	443, 80	TCP	-	Apple Business Manager	—
*.school.apple.com	443, 80	TCP	-	Apple School Manager	—
appleid.cdn-apple.com	443	TCP	-	Login authentication	Yes
idmsa.apple.com	443	TCP	-	Login authentication	Yes
*.itunes.apple.com	443, 80	TCP	-	Apps and Books	Yes
*.mzstatic.com	443	TCP	-	Apps and Books	—
api.ent.apple.com	443	TCP	-	Apps and Books (ABM)	—
api.edu.apple.com	443	TCP	-	Apps and Books (ASM)	—
statici.icloud.com	443	TCP	-	Device icons	—
*.vertexsmb.com	443	TCP	-	Validating tax-exempt status	—
www.apple.com	443	TCP	-	Fonts for certain languages	—
upload.appleschoolcontent.com	22	SSH	-	SFTP uploads	Yes

Employees and students using Managed Apple IDs need access to the following host in order to look up others in their business or school when composing messages or sharing documents.

Hosts	Ports	Protocol	OS	Description	Supports proxies
ws-ee-maidsvc.icloud.com	443, 80	TCP	iOS, iPadOS and macOS	User lookup service	—

Apple Device Setup

Apple Business Essentials device management

Administrators and devices managed by Apple Business Essentials need access to the following hosts and domains, along with those listed above for Apple Business Manager.

Hosts	Ports	Protocol	OS	Description	Supports proxies
axm-adm-enroll.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	DEP enrolment server	—
axm-adm-mdm.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	MDM server	—
axm-adm-scep.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	SCEP server	—
axm-app.apple.com	443	TCP	iOS, iPadOS and macOS	View and manage apps and devices	—
*.apple-mapkit.com	443	TCP	iOS and iPadOS	View the location of devices in Managed Lost Mode	—
icons.axm-usercontent-apple.com	443	TCP	macOS	Custom Package icons	—

Apple Device Setup

Classroom and Classwork

Student and Teacher devices using the Classroom or Classwork apps need access to the following hosts, as well as those listed in the Apple ID and iCloud sections below.

Hosts	Ports	Protocol	OS	Description	Supports proxies
s.mzstatic.com	443	TCP	iPadOS and macOS	Classroom and Classwork device verification	—
play.itunes.apple.com	443	TCP	iPadOS and macOS	Classroom and Classwork device verification	—
ws-ee-maidsvc.icloud.com	443	TCP	iPadOS and macOS	Classroom and Classwork class roster service	—
ws.school.apple.com	443	TCP	iPadOS and macOS	Classroom and Classwork class roster service	—
pg-bootstrap.itunes.apple.com	443	TCP	iPadOS	Classwork handout service	—
cls-iosclient.itunes.apple.com	443	TCP	iPadOS	Classwork handout service	—
cls-ingest.itunes.apple.com	443	TCP	iPadOS	Classwork handout service	—

Apple Device Setup

Software updates

Make sure that you can access the following ports for updating macOS, updating apps from the Mac App Store and for using content caching.

macOS, iOS, iPadOS, watchOS and tvOS

Apple devices need access to the following hosts when installing, restoring and updating iOS, iPadOS, macOS, watchOS and tvOS.

Hosts	Ports	Protocol	OS	Description	Supports proxies
appldnld.apple.com	80	TCP	iOS, iPadOS and watchOS	iOS, iPadOS and watchOS updates	—
configuration.apple.com	443	TCP	macOS only	Rosetta 2 updates	—
gdmf.apple.com	443	TCP	iOS, iPadOS, tvOS, watchOS and macOS	Software update catalogue	—
gg.apple.com	443, 80	TCP	iOS, iPadOS, tvOS, watchOS and macOS	iOS, iPadOS, tvOS, watchOS and macOS updates	Yes
gs.apple.com	443, 80	TCP	iOS, iPadOS, tvOS, watchOS and macOS	iOS, iPadOS, tvOS, watchOS and macOS updates	Yes
ig.apple.com	443	TCP	macOS only	macOS updates	Yes
mesu.apple.com	443, 80	TCP	iOS, iPadOS, tvOS, watchOS and macOS	Hosts software update catalogues	—
ns.itunes.apple.com	443	TCP	iOS, iPadOS and watchOS		Yes
oscdn.apple.com	443, 80	TCP	macOS only	macOS Recovery	—
osrecovery.apple.com	443, 80	TCP	macOS only	macOS Recovery	—
skl.apple.com	443	TCP	macOS only	macOS updates	—
swcdn.apple.com	443, 80	TCP	macOS only	macOS updates	—
swdist.apple.com	443	TCP	macOS only	macOS updates	—
swdownload.apple.com	443, 80	TCP	macOS only	macOS updates	Yes
swscan.apple.com	443	TCP	macOS only	macOS updates	—
updates-http.cdn-apple.com	80	TCP	iOS, iPadOS, tvOS and macOS	Software update downloads	—
updates.cdn-apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Software update downloads	—
xp.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS		Yes

Apple Device Setup

App Store

Apple devices need access to the following hosts and domains for installing and updating apps.

Hosts	Ports	Protocol	OS	Description	Supports proxies
*.itunes.apple.com	443, 80	TCP	iOS, iPadOS, tvOS and macOS	Store content, such as apps, books and music	Yes
*.apps.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Store content, such as apps, books and music	Yes
*.mzstatic.com	443	TCP	iOS, iPadOS, tvOS and macOS	Store content, such as apps, books and music	—
itunes.apple.com	443, 80	TCP	iOS, iPadOS, tvOS and macOS		Yes
ppq.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Enterprise App validation	—

Apple Device Setup

Network provider updates

Mobile devices need access to the following hosts to install provider bundle updates.

Hosts	Ports	Protocol	OS	Description	Supports proxies
appldnld.apple.com	80	TCP	iOS and iPadOS	Mobile network provider bundle updates	—
appldnld.apple.com.edgesuite.net	80	TCP	iOS and iPadOS	Mobile network provider bundle updates	—
itunes.com	80	TCP	iOS and iPadOS	Network provider bundle update discovery	—
itunes.apple.com	443	TCP	iOS and iPadOS	Network provider bundle update discovery	—
updates-http.cdn-apple.com	80	TCP	iOS and iPadOS	Mobile network provider bundle updates	—
updates.cdn-apple.com	443	TCP	iOS and iPadOS	Mobile network provider bundle updates	—

Apple Device Setup

Content caching

A Mac that provides content caching needs access to the following hosts, as well as the hosts listed in this document that provide Apple content, such as software updates, apps and additional content.

Hosts	Ports	Protocol	OS	Description	Supports proxies
lcdn-registration.apple.com	443	TCP	macOS only	Server registration	Yes
suconfig.apple.com	80	TCP	macOS only	Configuration	—
xp-cdn.apple.com	443	TCP	macOS only	Reporting	Yes

Clients of macOS content caching need access to the following hosts.

Hosts	Ports	Protocol	OS	Description	Supports proxies
lcdn-locator.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Content caching locator service	—
serverstatus.apple.com	443	TCP	macOS only	Content caching client public IP determination	—

Apple Device Setup

App features

Apple devices may need access to the following hosts to use certain app features.

App notarisation is required for apps to run on macOS 10.14 and later. Gatekeeper requires access to Apple servers to verify notarisation, unless the app developer has stapled the notarisation ticket to the app. App developers can find out more about customising the notarisation workflow.

App validation is used to certify that a valid instance of the app is running. App developers can find out more about establishing an app‘s integrity.

Hosts	Ports	Protocol	OS	Description	Supports proxies
api.apple-cloudkit.com	443	TCP	macOS	App notarisation	—
*.appattest.apple.com	443	TCP	iOS, iPadOS and macOS	App validation, Touch ID and Face ID authentication for websites	—

Apple Device Setup

Beta updates

Apple devices need access to the following hosts to sign in to Beta Updates and report feedback using the Feedback Assistant app.

Hosts	Port	Protocol	OS	Description	Supports proxies
bpapi.apple.com	443	TCP	iOS, iPadOS, tvOS, watchOS and macOS	Beta update enrolment	Yes
cssubmissions.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Used by Feedback Assistant to upload files	Yes
fba.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Used by Feedback Assistant to file and view feedback	Yes

Apple Device Setup

Apple diagnostics

Apple devices may access the following host in order to perform diagnostics used to detect a possible hardware issue.

Hosts	Ports	Protocol	OS	Description	Supports proxies
diagassets.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Used by Apple devices to help detect possible hardware issues	Yes

Apple Device Setup

Domain Name System resolution

Encrypted Domain Name System (DNS) resolution in iOS 14, iPadOS 14, tvOS 14, and macOS Big Sur and later uses the following host.

Hosts	Ports	Protocol	OS	Description	Supports proxies
doh.dns.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Used for DNS over HTTPS (DoH)	Yes

Apple Device Setup

Certificate validation

Apple devices must be able to connect to the following hosts to validate digital certificates used by the hosts listed in this article.

Hosts	Ports	Protocol	OS	Description	Supports proxies
certs.apple.com	80, 443	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
crl.apple.com	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
crl.entrust.net	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
crl3.digicert.com	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
crl4.digicert.com	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
ocsp.apple.com	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
ocsp.digicert.cn	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation in China mainland	—
ocsp.digicert.com	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
ocsp.entrust.net	80	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
ocsp2.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	—
valid.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Certificate validation	Yes

Apple Device Setup

Apple ID

Apple devices must be able to connect to the following hosts in order to authenticate an Apple ID. This is required for all services that use an Apple ID, such as iCloud, app installation and Xcode.

Hosts	Ports	Protocol	OS	Description	Supports proxies
appleid.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Apple ID authentication in Settings and System Preferences	Yes
appleid.cdn-apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Apple ID authentication in Settings and System Preferences	Yes
idmsa.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Apple ID authentication	Yes
gsa.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	Apple ID authentication	Yes

Apple Device Setup

iCloud

In addition to the Apple ID hosts listed above, Apple devices must be able to connect to hosts in the following domains to use iCloud services.

Hosts	Ports	Protocol	OS	Description	Supports proxies
*.apple-cloudkit.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.apple-livephotoskit.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.apzones.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services in China mainland	—
*.cdn-apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.gc.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.icloud.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.icloud.com.cn	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services in China mainland	—
*.icloud.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.icloud-content.com	443	TCP	iOS, iPadOS, tvOS and macOS	iCloud services	—
*.iwork.apple.com	443	TCP	iOS, iPadOS, tvOS and macOS	iWork documents	—
mask.icloud.com	443	UDP	iOS, iPadOS, macOS	iCloud Private Relay	—
mask-h2.icloud.com	443	TCP	iOS, iPadOS, macOS	iCloud Private Relay	—
mask-api.icloud.com	443	TCP	iOS, iPadOS, macOS	iCloud Private Relay	Yes

Apple Device Setup

Siri and Search

Apple devices must be able to connect to the following hosts to process Siri requests, including dictation and searching in Apple apps.

Hosts	Ports	Protocol	OS	Description	Supports proxies
guzzoni.apple.com	443	TCP	iOS, iPadOS and macOS	Siri and dictation requests	—
*.smoot.apple.com	443	TCP	iOS, iPadOS and macOS	Search services, including Siri, Spotlight, Lookup, Safari, News, Messages and Music	—

Apple Device Setup

Associated Domains

Apple devices must be able to connect to the following hosts to use Associated Domains in iOS 14, iPadOS 14, and macOS Big Sur and later. Associated Domains underpin universal links, a feature that allows an app to present content in place of all or part of its website. Handoff, App Clips and single sign-on extensions all use Associated Domains.

Hosts	Ports	Protocol	OS	Description	Supports proxies
app-site-association.cdn-apple.com	443	TCP, UDP	iOS, iPadOS and macOS	Associated domains for universal links	—
app-site-association.networking.apple	443	TCP, UDP	iOS, iPadOS and macOS	Associated domains for universal links	—

Tap to Pay on iPhone

To use a payment app to accept contactless payments, an iPhone must be able to reach the following hosts.

Hosts	Ports	Protocol	OS	Description	Supports proxies
pos-device.apple.com	443	TCP, UDP	iOS	Tap to Pay on iPhone	Yes
humb.apple.com	443	TCP	iOS	Tap to Pay on iPhone setup	Yes
phonesubmissions.apple.com	443	TCP	iOS	Optional analytics sharing	Yes

Apple Device Setup

Additional content

Apple devices must be able to connect to the following hosts to download additional content. Some additional content may also be hosted on third-party content distribution networks.

Hosts	Ports	Protocol	OS	Description	Supports proxies
audiocontentdownload.apple.com	80, 443	TCP	iOS, iPadOS and macOS	GarageBand downloadable content	—
devimages-cdn.apple.com	80, 443	TCP	macOS only	Xcode downloadable components	—
download.developer.apple.com	80, 443	TCP	macOS only	Xcode downloadable components	—
playgrounds-assets-cdn.apple.com	443	TCP	iPadOS and macOS	Swift Playgrounds	—
playgrounds-cdn.apple.com	443	TCP	iPadOS and macOS	Swift Playgrounds	—
sylvan.apple.com	80, 443	TCP	tvOS only	Apple TV screen savers	—

Apple Device Setup

Firewalls

If your firewall supports using hostnames, you may be able to use most Apple services listed above by allowing outbound connections to *.apple.com. If your firewall can only be configured with IP addresses, allow outbound connections to 17.0.0.0/8. The entire 17.0.0.0/8 address block is assigned to Apple.

Apple Device Setup

HTTP proxy

You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Exceptions to this are noted above. Attempts to perform content inspection on encrypted communications between Apple devices and services will result in a dropped connection to preserve platform security and user privacy.

Apple Device Setup

Content Distribution Networks and DNS Resolution

Some of the hosts listed in this article may have CNAME records in DNS instead of A or AAAA records. These CNAME records may refer to other CNAME records in a chain before ultimately resolving to an IP address. This DNS resolution allows Apple to provide fast and reliable content delivery to users in all regions and is transparent to devices and proxy servers. Apple doesn't publish a list of these CNAME records because they are subject to change. You shouldn't need to configure your firewall or proxy server to allow them as long as you don't block DNS lookups and allow access to the hosts and domains named above.

Recent changes

July 2023:

Removed the macOS version requirement for APN connectio

Get IT Help Today! Please input your information here if you are having any issues with your technology, and then contact a member of our helpdesk team by calling 1300637326

Use Apple products on enterprise networks

Apple Push Notifications

Use Apple products on enterprise networks

Device setup

Device management

Apple Business Manager and Apple School Manager

Classroom and Classwork

Software updates

macOS, iOS, iPadOS, watchOS and tvOS

App Store

Network provider updates

Content caching

App features

Beta updates

Apple diagnostics

Domain Name System resolution

Certificate validation

Apple ID

iCloud

Siri and Search

Associated Domains

Tap to Pay on iPhone

Additional content

Firewalls

HTTP proxy

Content Distribution Networks and DNS Resolution

Recent changes

Recent Posts

Get IT Help Today!
Please input your information here if you are having any issues with your technology, and then contact a member of our helpdesk team by calling 1300637326